Skip to content

Releases: drevops/vortex

1.38.0 - Prism

28 Apr 03:56
@github-actions github-actions
1.38.0
cd86b15
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.38.0 - Prism Latest
Latest
vortex-1380-prism_2

1.38.0 - Prism

This release sharpens what teams actually use day to day: JavaScript unit tests, more batteries-included Drupal modules, per-channel deployment notifications, hardened access controls on Drupal core text files, opt-in repeated configuration import, manual deploys from the GitHub Actions UI, hardened Renovate config, and a fix for the profile-fallback provisioning path. PHP 8.4 is now the runtime baseline and Lagoon containers are at 26.4.0.

🔍 Highlights

  • JavaScript unit testing with Jest
    Jest is now configured for JavaScript modules and theme code, alongside the existing PHPUnit and Behat suites. CI runs ahoy test-js and reports coverage. Existing projects: pull the new theme dependencies (yarn install in web/themes/custom/your_site_theme/); the lint and test commands wire in automatically. New projects: it's on by default.

  • More batteries-included Drupal modules
    drupal_helpers, generated_content, testmode, and reroute_email are now part of the default module set, with environment-aware settings. reroute_email intercepts outbound mail on non-production environments using DRUPAL_REROUTE_EMAIL_ADDRESS and DRUPAL_REROUTE_EMAIL_ALLOWED (set DRUPAL_REROUTE_EMAIL_DISABLED=1 to disable). Existing projects: run composer update -W then drush pm:install drupal_helpers generated_content testmode reroute_email to enable.

  • Per-channel branch filtering for deployment notifications
    Each notification channel (Email, Newrelic, Jira, GitHub, Webhook) can now be filtered to specific branches independently. Set VORTEX_NOTIFY_<CHANNEL>_BRANCHES (e.g. VORTEX_NOTIFY_EMAIL_BRANCHES="main,develop") to restrict that channel; leave empty to fire on all branches. Existing projects: behaviour unchanged unless you set the new variables.

  • Blocked access to Drupal core *.txt and *.md files in .htaccess
    Files like web/core/CHANGELOG.txt, INSTALL.txt, README.md, and friends are now blocked at the web-server level, removing a common information-disclosure vector that fingerprints Drupal version. Existing projects: regenerate .htaccess from the template (or copy the new block from this release) and redeploy. No env vars; the protection is automatic once the file is on the server.

  • Opt-in repeated configuration import after the initial import
    Provision can now run a second drush config:import pass after the first one to settle dependent configuration that does not resolve in a single pass. Enable with VORTEX_PROVISION_CONFIG_IMPORT_REPEAT=1 (default 0). Existing projects: behaviour unchanged unless you set the variable; flip it on if your config has known cross-dependency issues.

  • Manual deploys from the GitHub Actions UI
    The deploy job now accepts workflow_dispatch inputs deploy_target (a branch name or PR-<num>) and override_db (boolean). Trigger ad-hoc deploys without pushing a commit. Existing projects: the new inputs appear in the Run workflow panel for build-test-deploy.yml; no configuration needed.

  • Hardened Renovate config
    Renovate now caps concurrent PRs, auto-merges trusted GitHub Actions updates, and labels grouped updates on the dependency dashboard. Existing projects: copy the updated renovate.json from the template. The new limits and auto-merge rules apply on the next Renovate run.

  • Fixed profile-fallback provisioning + cache rebuild after updb
    Two reliability fixes: the fallback profile install (VORTEX_PROVISION_FALLBACK_TO_PROFILE=1) now installs Shield, skips post-provision steps, and avoids a missing-tables crash; and drush cache:rebuild runs automatically after drush updb so the site renders correctly on the first request. Set VORTEX_PROVISION_CACHE_REBUILD_AFTER_DB_UPDATE_SKIP=1 to opt out (default 0 = enabled). Existing projects: applied automatically on next provision.

  • PHP 8.4 baseline
    The CLI image, Composer platform, PHPStan, and PHPCS all target PHP 8.4. Existing projects: bump composer.json config.platform.php, phpstan.neon phpVersion, and phpcs.xml testVersion to match (or copy from the template) and run lint to surface any 8.3-only patterns in custom code.

💥 Breaking changes

  • PHP 8.4 is now required. Consumer projects pinned to PHP 8.3 must update Composer platform, PHPStan, and PHPCS configuration to PHP 8.4 before running CI on this release.

What's new since 1.37.0

🌀 Template

  • New

    • [#2394] Added Jest for JavaScript unit testing. @AlexSkrypnyk (#2418)
      What it does: Adds Jest as the JavaScript unit test runner, with coverage thresholds and CI integration matching the PHP test setup.
      How to use it: Run ahoy test-js locally; CI runs it automatically. Place tests next to the JS source under web/modules/custom/*/tests/ or web/themes/custom/*/tests/. Existing projects: pull the new yarn dependencies in the theme directory.

    • [#2401] Added drupal_helpers, generated_content, and testmode modules. @AlexSkrypnyk (#2414)
      What it does: Three modules join the default stack to support development workflows. drupal_helpers provides utility hooks; generated_content creates fixture data programmatically; testmode flags the site as being in a test mode so behaviour can branch on it.
      How to use it: After updating, run composer update -W and drush pm:install drupal_helpers generated_content testmode. Generated content fixtures live under web/modules/custom/*/src/Plugin/GeneratedContent/. Test-mode aware code can check the testmode.is_test_mode service.

    • [#2422] Added 'reroute_email' module with environment-based settings. @AlexSkrypnyk (#2431)
      What it does: Intercepts outbound mail on non-production environments using the reroute_email module, so staging or development sites do not accidentally email real users.
      How to use it: Enable the module (it's now in composer.json). Configure with DRUPAL_REROUTE_EMAIL_ADDRESS (target inbox) and DRUPAL_REROUTE_EMAIL_ALLOWED (glob pattern that bypasses rerouting). Set DRUPAL_REROUTE_EMAIL_DISABLED=1 on production to turn rerouting off.

    • [#2173] Added per-channel branch filtering for notifications. @AlexSkrypnyk (#2429, #2430)
      What it does: Each notification channel (Email, Newrelic, Jira, GitHub, Slack, Webhook) can be restricted to specific branches independently.
      How to use it: Set VORTEX_NOTIFY_<CHANNEL>_BRANCHES to a comma-separated branch list (e.g. VORTEX_NOTIFY_EMAIL_BRANCHES="main,develop"). Leave empty to fire on all branches. New Relic now defaults to main,master,develop.

    • [#2373] Blocked access to 'web/core/.txt' and '.md' files in '.htaccess'. @AlexSkrypnyk (#2420)
      What it does: Drupal core text and markdown files (CHANGELOG.txt, INSTALL.txt, README.md, etc.) are now blocked from public access at the web-server level.
      How to use it: Existing projects need to regenerate .htaccess from the template (or copy the new block) and redeploy. No env vars - the rule is unconditional.

    • [#2374] Added opt-in repeated configuration import after initial import. @AlexSkrypnyk (#2417)
      What it does: Provision can run a second drush config:import pass after the first one to settle dependent configuration that does not resolve in a single pass.
      How to use it: Set VORTEX_PROVISION_CONFIG_IMPORT_REPEAT=1 to enable (default 0). Existing projects: behaviour unchanged unless flipped on.

    • Allow to manually run deploy from GHA UI. @AlexSkrypnyk (#2405)
      What it does: The deploy workflow now accepts workflow_dispatch inputs to trigger ad-hoc deploys without pushing a commit.
      How to use it: From the Actions tab, run build-test-deploy.yml with deploy_target set to a branch name or PR-<num>, and optionally override_db: true to wipe the existing database. Lint, database, and build jobs are skipped on manual runs.

    • [#2351] Added per-step timing to 'task()' and 'pass()' functions. @AlexSkrypnyk (#2473)
      What it does: Shell scripts now print per-step timings, making it easier to spot where build and provision time is going.
      How to use it: No action needed - timings appear automatically in script output.

    • [#2444] Added 'CodeCoverageProvider' installer prompt with Codecov option. @AlexSkrypnyk (#2464)
      What it does: A new installer prompt lets you opt into Codecov as the coverage provider. CI uploads coverage reports, posts threshold summaries as PR comments, and degrades gracefully when Codecov is unavailable.
      How to use it: Re-run the installer or pick "Codecov" when prompted. Existing projects: set CODECOV_TOKEN in CI variables and copy the relevant CI block from the template.

    • [#2399] Added Behat attribute set to Rector configuration. @AlexSkrypnyk (#2416)
      What it does: Rector now understands Behat PHP attributes, so test step modernisation can run alongside the rest of the codebase.
      How to use it: Run vendor/bin/rector (or ahoy lint); no configuration needed.

    • Add content moderation in search. @AlexSkrypnyk (#2397)
      What it does: Search index integration now respects the Content Moderation state, so unpublished revisions do not leak into search results.
      How to use it: Existing projects on Search API: re-export search index config (drush cex) to pull in the moderation-state filter, or copy the relevant config from the template.

    • Added Jest test coverage and refactored demo test to use 'require()'. @AlexSkrypnyk (#2446)
      What it does: The demo Jest test now reports coverage and uses CommonJS require(), providing a w...

Read more

Contributors

AlexSkrypnyk and renovate
Assets 2
Loading

1.37.0 - Resonance

14 Mar 06:49
@github-actions github-actions
1.37.0
d7235cc

Choose a tag to compare

View all tags
1.37.0 - Resonance

1.37.0 - Resonance

This release extracts demo code into a dedicated module, splits linting into a standalone CI job, restructures CircleCI config for maintainability, and includes multiple CI/CD fixes for Docker permissions, coverage reporting, and branch filtering.

🔍 Highlights

  • Demo Module Extraction
    Demo code (counter block, deploy hooks, CSS/JS, tests) moved from ys_base into a new ys_demo module, making it easy to remove demo content from production projects.

  • Standalone Lint CI Job
    All linting tools extracted into a dedicated CI job that runs in parallel with the build, providing faster code style feedback.

  • CircleCI Config Split
    CircleCI configuration split into multiple files for better maintainability and separation of concerns.

  • CI/CD Hardening
    Fixed Docker permission warnings in GHA, improved coverage comment handling, and corrected branch filtering for feature/bugfix branches.

💥 Breaking changes

None

What's new since 1.36.1

🌀 Template

  • New

    • [#2340] Moved demo code from ys_base to new ys_demo module. @AlexSkrypnyk (#2349)
      Demo code (counter block with CSS/JS, deploy hooks, and example tests across Unit, Kernel, Functional, and FunctionalJavascript test types) has been extracted into a dedicated ys_demo module. This makes it straightforward to remove all demo content from production projects by simply disabling one module.

    • [#2363] Added colour to ahoy confirm. @AlexSkrypnyk (#2366)
      Confirmation prompts for destructive ahoy commands now display in red with dimmed [y/N] text, making them more visually prominent and harder to accidentally dismiss.

    • [#2353] Allow running CI builds against PR branches. @AlexSkrypnyk (#2354)
      Added pull_request_target trigger to GitHub Actions workflow so that CI builds can run against PR branches. Previously, only push events to specific branches triggered builds.

    • [#2368] Switched git-artifact to download from GitHub Releases with SHA256 verification. @AlexSkrypnyk (#2370)
      The git-artifact deployment tool is now downloaded as a binary from GitHub Releases instead of being installed via Composer. Each download is verified against a SHA256 checksum, improving supply chain security and removing the Composer dependency from the deploy process.

    • Updated posting of coverage comments to replace existing comments. @AlexSkrypnyk (#2380)
      Coverage comments posted to PRs now replace the previous comment instead of creating duplicates. This uses a dedicated post-coverage-comment.sh script that finds and updates existing comments, keeping PR conversations clean.

    • Added consistent Chromium flags to Behat and PHPUnit configs. @AlexSkrypnyk (#2378)
      Added --disable-popup-blocking flag to Chrome browser arguments in both Behat and PHPUnit configurations. This ensures consistent browser behaviour across both testing frameworks and prevents popup-related test flakiness.

  • 🛠 Changed

    • [#1571] Split CircleCI config into multiple files. @AlexSkrypnyk (#2105)
      The monolithic CircleCI config.yml has been split into config.yml, vortex-test-common.yml, and update-dependencies.yml. This reduces the main config size and makes each CI concern (project builds, Vortex integration tests, dependency updates) independently maintainable. The installer now also cleans up these internal Vortex CI files during installation.

    • [#2154] Extracted linting into standalone lint CI job. @AlexSkrypnyk (#2346)
      All linting tools (PHPCS, PHPStan, PHPMD, Rector, Twig CS Fixer, ESLint, Stylelint, Gherkin Lint) now run in a dedicated lint job that executes in parallel with the build job. This provides faster feedback on code style issues without waiting for the full build to complete.

    • [#2362] Use yield in data providers. @AlexSkrypnyk (#2367)
      Converted all PHPUnit data providers across the project to use yield statements instead of returning arrays. This improves memory efficiency for large test suites and makes data providers more readable by naming each test case inline.

    • Removed stale references to asset-packagist's installer types. @AlexSkrypnyk (#2359)
      Cleaned up leftover asset-packagist references that were no longer relevant after previous dependency changes.

  • 🐞 Fixed

    • Fixed docker permissions in GHA. @AlexSkrypnyk (#2376)
      Set DOCKER_CONFIG=/tmp/.docker at workflow level to work around the Actions runner creating /root/.docker/config.json with permissions that prevent the container from reading it (actions/runner#863).

    • Fixed pushes to feature/* and bugfix/* branches should not run CI builds. @AlexSkrypnyk (#2365)
      Removed feature/** and bugfix/** from the push trigger list. These branches should only trigger CI via pull request events, not on every push.

    • Fixed S3 upload not stopping on failed upload. @AlexSkrypnyk (#2371)
      The S3 upload script now captures the HTTP response status code and fails with an error message on non-2xx responses. Previously, upload failures were silently ignored.

    • [#2350] Fixed local settings file being included during settings unit tests. @AlexSkrypnyk (#2352)
      Added a guard to prevent settings.local.php from being loaded during unit tests. Developer-specific local settings were polluting the test environment and causing inconsistent results.

    • Fixed DB download variables inconsistencies. @AlexSkrypnyk (#2360)
      Standardised variable naming across all database download scripts (download-db-acquia.sh, download-db-s3.sh, download-db-ftp.sh, etc.) and added test coverage for the main download orchestration script.

    • Fixed migration Drupal variables not starting with DRUPAL_. @AlexSkrypnyk (#2357)
      Renamed migration-related environment variables to use the DRUPAL_ prefix, matching the project's variable naming convention.

    • Fixed coverage threshold check not storing results on low values in CI. @AlexSkrypnyk (#2372)
      When coverage values were very low, the threshold check failed to store results, causing CI job summaries to be incomplete.

    • Fixed missed pinned GHA actions not being updated with Renovate. @AlexSkrypnyk (#2375)
      Pinned shimataro/ssh-key-action to a commit SHA digest so Renovate can track and update it automatically. Previously it used a tag reference that Renovate did not manage.

    • Fixed ownership permissions warning in GHA. @AlexSkrypnyk (#2358)

    • Fixed GH test token not being passed to tests in CI. @AlexSkrypnyk (#2364)

    • [#2338] Fixed installer replacement and PHPMD discovery. @AlexSkrypnyk (#2369)
      Fixed PHPMD tool discovery logic in the installer's Tools handler and a replacement issue in the Webroot handler.

  • ⬆️ Updated

🎛 Installer

  • New

    • [#2340] Added CustomModules handler for selecting custom modules during installation. @AlexSkrypnyk (#2349)
      A new installer prompt allows users to choose which custom modules (Base, Demo, Search) to include. Previously, all modules were always included. The Demo module can now be easily excluded for production projects, and the Search module selection is linked to Solr service availability.

  • 🛠 Changed

    • [#1571] Installer now removes Vortex-internal CircleCI config files during installation. @AlexSkrypnyk (#2105)
      Internal vortex-*.yml CircleCI configs are cleaned up during installation, matching the existing cleanup of internal GHA workflows.

    • [#2340] Updated Services and ModulePrefix handlers for demo module support. @AlexSkrypnyk (#2349)
      The Services handler now conditionally includes the Solr service based on Search module selection. The ModulePrefix handler applies prefix renaming to the new demo module alongside the base module.

  • 🐞 Fixed

📖 Documentation

📋 Release checklist

  • Updated all dependencies outside of the schedule (run Renovate locally)
  • Updated container images to the latest versions and checked that @see links (v26.2.0)
  • Updated PHP version in composer.json for config.platform. (8.3.28 → 8.3.30)
  • Updated PHP version in phpcs.xml for testVersion. (8.3 — unchanged, still on 8.3.x)
  • Updated PHP version in phpstan.neon for phpVersion. (80328 → 80330)
  • Updated minor version of all packages in composer.json. (composer update -W && composer bump done)
  • Updated minor version of dependencies in theme's package.json. (yarn upgrade done)
  • Update drevops/ci-runner to the latest version in .circleci/config.yml and `.github/workflows/build-test-deploy....
Read more

Contributors

AlexSkrypnyk and renovate
Loading

1.36.1

05 Mar 02:40
@github-actions github-actions
1.36.1
ddf8061
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.36.1

What's new since 1.36.0

Full Changelog: 1.36.0...1.36.1

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

Contributors

AlexSkrypnyk and renovate
Loading

1.36.0

19 Feb 23:54
@github-actions github-actions
1.36.0
0de6f38
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.36.0

1.36.0 - Phase

This release makes Vortex AI-native, migration-ready, and more production-safe by introducing structured agent support, CI-testable migrations, full-stack JS testing, hardened provisioning, and improved CI/infrastructure capabilities.

🔍 Highlights

  • Migration Framework Integration
    Added secondary database support during provisioning to import existing sites and run migrations in a controlled, CI-testable sequence.

  • AI-Native Development Support
    Introduced AGENTS.md and an AI-friendly installer with structured schema and validation flags, enabling reliable non-interactive and agent-driven workflows.

  • Functional JavaScript Testing
    Enabled browser-based Functional JS tests via a Chrome container, extending Vortex’s full-stack automated testing capabilities.

  • Safer, More Reliable Provisioning
    Prevent config imports from overriding database updates and simplified provisioning logic to use direct Drush commands.

  • Improved CI & Infrastructure Flexibility
    Added S3 database download support, surfaced coverage thresholds in CI summaries, and improved artifact handling for better visibility and debugging.

💥 Breaking changes

None.

What's new since 1.35.3

🌀 Template

  • New

    • [#1642] Added support for migrations. @AlexSkrypnyk
      A secondary database can now be used during provisioning to import an existing Drupal site's database dump, and then run the migration commands in a pre-defined order. This allows to test migrations locally and in CI.

    • [#1968] Added a fallback for installing from profile if the DB is not available during provision. @AlexSkrypnyk (#2294)
      When setting up a project in an environment where the database is not available, a "seed" databases is needed. But the environment not exist to seed that database. This change allows to use a Drupal profile to provision a seed database in the environment, and later override it with the real one.

    • [#1654] Added a check that config import does not override database updates during provision. @AlexSkrypnyk (#2304)
      Updated modules may bring databased updates via update hook. When the provision runs, the config import runs after these database updates, and may revert them. This change allows to check the configs before and after import and fail the provision if there are changes that may indicate that database updates were reverted.

    • [#532] Added support for Functional JS tests. @AlexSkrypnyk (#2300)
      Functional JS tests can now run using the Chrome container. The setup is similar to existing Behat configuration.

    • Added support for all AI agents + docs. @AlexSkrypnyk (#2272)
      Vortex now has AGENTS.md file that provides instructions for AI agents on how to work with projects based on Vortex, including how to read generic documentation from https://www.vortextemplate.com/docs, and project-specific documentation from the project's docs/ directory. This allows teams to document only the project-related specifics and let AI agents use the generic documentation for all the common tasks.

    • [#699] Added support for downloading DB from S3. @AlexSkrypnyk (#2256)
      Added AWS S3 bucket as a new source of the database dump storage. This is useful for when the database dump cannot be sourced directly from the production environment and is stored in the intermediary location, such as S3.

    • [#1913] Allow to modify Drush PHP runtime configuration. @AlexSkrypnyk (#2268)
      This allows to provide a custom drush.ini file with PHP configuration targeted for Drush commands. This is useful for commands that require more memory or longer execution time.

    • [#2198] Added support for ACME challenge in Shield. @AlexSkrypnyk (#2254)
      This allows to use Let's Encrypt certificates with Shield module by bypassing ACME challenge endpoint /.well-known/acme-challenge/*.

    • [#1979] Added support for xmlsitemap module for sitemap.xml generation. @AlexSkrypnyk (#2264)
      This allows to generate sitemap.xml file, which every website should have.

    • Added coverage threshold to CI job summary. @AlexSkrypnyk (#2251)
      Coverage threshold existed before, but it was only visible in the logs. Now it is also added to the CI job summary, so it is more visible and easier to track.

    • Added config to Renovate to update root FE deps. @AlexSkrypnyk (#2278, #2277)
      Renovate was configured to manage PHP, Docker and GitHub Action dependencies, but not the NPM dependencies used for module development. This change adds the root package.json to Renovate's scope, so that it can keep the FE dependencies up to date as well.

  • 🛠 Changed

    • Simplified provision to use direct commands rather than drush:deploy. @AlexSkrypnyk (#2303)
      We used both drush:deploy and direct Drush commands in the provision script based on whether the configuration files were present or not. This change simplifies the logic by always using direct Drush commands, which are more straightforward and easier to maintain.

    • Added missing namespaced variables to Vortex scripts. @AlexSkrypnyk (#2267)
      Namespaced variables are variables that have a specific prefix to indicate that they are used in a context of a specific script. This allows to target variables more precisely. Some of the scripts did not have namespaced variables, which made certain overrides impossible. This change fixes that.

    • Removed the Docker builder cache to free up CI container space. @AlexSkrypnyk (#2290)
      In some edge cases, the container could run out of space due to the builder cache, which is not needed in CI and can be safely removed.

    • Disabled Renovate for development .vortex files. @AlexSkrypnyk (#2285)
      These dependencies are locked and managed manually.

    • [#2202] Updated Acquia settings to use env variables to include the cloud setting file. @AlexSkrypnyk (#2260)
      Prior to this change, the Acquia settings file was included using the project details specified as strings in the settings.acquia.php file, making it less upgradable.

    • Increased test coverage for Acquia env settings. @AlexSkrypnyk
      Some of the code paths in Acquia settings were not covered by tests, which made it more difficult to maintain and refactor. This change adds more tests to cover these paths.

    • [#1976] Upload SUT test artifacts in vortex-test-workflow CI. @AlexSkrypnyk (#2255)
      This allows to have access to the test artifacts produced by the SUT tests, such as screenshots and logs, which can be useful for debugging test failures.

  • 🐞 Fixed

    • [#2270] Fixed follow-up deployments to mark deployment in GitHub as inactive. @AlexSkrypnyk (#2299)
      This was making follow-up deployments of peer PRs to mark the deployments of the other PRs as inactive. The fix was to correctly name the deployment in GitHub after the PR number or branch.

    • [#2261] Fixed Acquia settings to allow DRUPAL_CONFIG_PATH override independently of config_vcs_directory. @AlexSkrypnyk (#2263)
      This fixes the issues where the config sync directory in Acquia could be overridden with a value from DRUPAL_CONFIG_PATH environment variable only if $settings['config_vcs_directory'] existed. After this fix, the DRUPAL_CONFIG_PATH variable can be used to override the config sync directory in Acquia regardless of the presence of config_vcs_directory setting.

    • Fixed incorrectly prefixed environment variables. @AlexSkrypnyk (#2265)
      Renamed VORTEX_DB_<ACTION>_* to VORTEX_<ACTION>_DB_* for consistency with other variables.

    • Fixed SIGPIPE (exit code 141) in CI coverage threshold check caused by head -1 closing pipe under pipefail. @AlexSkrypnyk (#2289)

    • [#1219] Fixed tag deployment mode skip in Lagoon deploy script. @AlexSkrypnyk (#2301)
      Prior to this change, the tag deployment wouldbe triggered from CI and hiy Lagoon, which would respond with an error, causing the CI job to fail.

    • [#2249] Changed Renovate rangeStrategy to bump. @AlexSkrypnyk (#2250)
      This fixes Renovate configuration to also update composer.json when bumping dependencies. Not adding this earlier when we switched to using "bumping" of versions in composer.json was an oversight.

  • ⬆️ Updated

🎛 Installer

  • New
    • [#2302] Added support for prompts schema to make the installer AI-friendly. @AlexSkrypnyk (#2306)
      AI agents now can use --schema flag to get structured information about the installer options, requirements and steps, and use it to run the installer in a non-interactive way.
      They can also use --validate flag to validate the config before running the installer.
      There is also a new --agent-help flag that provides detailed information about the installer's commands and options. This is useful for AI age...
Read more

Contributors

AlexSkrypnyk and renovate
Loading

1.35.3

05 Feb 00:30
@github-actions github-actions
1.35.3
7cf277d

Choose a tag to compare

View all tags
1.35.3

What's new since 1.35.2

Full Changelog: 1.35.2...1.35.3

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

Contributors

AlexSkrypnyk and renovate
Loading

1.35.2

14 Jan 23:52
@github-actions github-actions
1.35.2
95c5104

Choose a tag to compare

View all tags
1.35.2

What's new since 1.35.1

Full Changelog: 1.35.1...1.35.2

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

Contributors

AlexSkrypnyk and renovate
Loading

1.35.1

07 Jan 08:17
@github-actions github-actions
1.35.1
a80f513

Choose a tag to compare

View all tags
1.35.1

What's new since 1.35.0

A small patch release to update service containers.

Full Changelog: 1.35.0...1.35.1

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

Contributors

AlexSkrypnyk and renovate
Loading

1.35.0 - Radiance

06 Jan 05:56
@github-actions github-actions
1.35.0
59f115c

Choose a tag to compare

View all tags
1.35.0 - Radiance

This release delivers full Drupal 11.3 compatibility, alongside comprehensive updates to container images, GitHub Actions, and automated tooling. The installer's test harness was also improved for more efficient snapshot management.

🔍 Highlights

  • Drupal 11.3 compatibility ensuring the template stays aligned with the latest Drupal core release.
  • Infrastructure and dependency updates across container images, GitHub Actions, and automated tooling for improved stability and security.
  • Installer improvements including snapshot-based testing and a new GIF generator for clearer onboarding.

💥 Breaking changes

None.

What's new since 1.34.0

🌀 Template

🎛 Installer

📖 Documentation

  • New

    • None

  • 🛠 Changed

    • None

  • 🐞 Fixed

    • None

📋 Release checklist

  • Updated all dependencies outside of the schedule
  • Updated container images to the latest versions and checked that @see links
  • Updated PHP version in composer.json for config.platform.
  • Updated PHP version in phpcs.xml for testVersion.
  • Updated PHP version in phpstan.neon for phpVersion.
  • Updated minor version of all packages in composer.json.
  • Updated minor version of dependencies in theme's package.json.
  • Update drevops/ci-runner to the latest version in .circleci/config.yml and .github/workflows/build-test-deploy.yml.
  • Incremented the cache version in .circleci/config.yml and .github/workflows/build-test-deploy.yml.
  • Updated documentation.

Full Changelog: 1.34.0...1.35.0

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

Contributors

AlexSkrypnyk and renovate
Loading

1.34.0 - Flux

05 Dec 11:40
@github-actions github-actions
1.34.0
60be7c5

Choose a tag to compare

View all tags
1.34.0 - Flux

What's new since 25.10.0

Note

Vortex now uses SemVer for versioning: it was used in the past untill version 1.22.0 and then we tried CalVer, which worked well for Vortex, but will not work well for 1.x/2.x split and publishing of tooling packages. All CalVer versions since 1.22.0 were tagged incrementally, making this version 1.34.0.

Vortex 1.34.0 introduces several major improvements that enhance security, streamline dependency management, modernise the development workflow, and prepare the foundation for Vortex 2.0.

This release adopts Composer’s new built-in security audit to ensure that consumer projects stay protected from known vulnerabilities. Dependency management has been improved by switching to version bumping on composer update, and Composer Patches has been upgraded to v2 for stronger supply-chain safety.

On the Drupal side, the template no longer relies on drupal/core-dev, used for core development. Instead, it now includes only the necessary development packages, removing unnecessary version constraints and enabling upgrades to PHPCS v4, Coder v9, and Solr 9.

The installer now supports immediate builds, allows choosing a versioning schema, provides module selection, and is compatible with PHP 8.2 for installation and updates on older environments.

Finally, Vortex’s own end-to-end testing system has moved from BATS to PHPUnit, making tests easier to maintain, debug and extend—while still retaining BATS for shell unit-tests with coverage.

Most importantly, this version removes the remaining blockers for Vortex 2.0. The roadmap is now defined, prioritised, and tracked in the project board at https://github.com/orgs/drevops/projects/2/views/4. Development of Vortex 2.0 is expected to take 2–3 months.

🔍 Highlights

  • Composer security audit integrated into CI, ensuring consumer sites fail builds when vulnerable dependencies are detected.
  • Composer Patches upgraded to v2, improving patch integrity and mitigating supply-chain risks when using patches from external MRs.
  • Simplified Drupal dev dependencies, removing drupal/core-dev and enabling upgrades to PHPCS v4, Coder v9, and Solr v9.
  • Dependency bumping automated with bump-after-update, ensuring consistent and reliable dependency updates for all projects.
  • Installer improvements: immediate build support, module selection, versioning schema choice (SemVer/CalVer), and compatibility with PHP 8.2.
  • Vortex own testing system migrated to PHPUnit, enhancing maintainability, debuggability, and extensibility while keeping BATS for shell script unit tests.

💥 Breaking changes

  • Compose security audit is now part of CI. Consumer sites should ensure that their dependencies do not have known security issues. Run composer audit locally to check for security issues before updating dependencies.
    See http://vortextemplate.com/docs/workflows/development for more details.
  • cweagans/composer-patches was updated to v2. This version uses previously applied patches as a base for new patches. Consumer sites should ensure that all patches are applied correctly after updating to this version. Run composer patches-relock and composer patches-repatch, then commit the patches.lock.json file.
    See http://vortextemplate.com/docs/workflows/development for more details.
  • drupal/core-dev was replaced with specific packages required for consumer sites.
    drupal/core-dev package is used for developing the core. It has some version limitations that should not be imposed on consumer sites. Consumer sites should review require-dev section of composer.json and ensure that all necessary packages are included in their site's composer.json.
  • Variable names used for skipping deployments were updated. Consumer sites should update their variables accordingly:
    VORTEX_DEPLOY_SKIP_PR_123: "1" -> VORTEX_DEPLOY_SKIP_PRS: "123"
    VORTEX_DEPLOY_SKIP_BRANCH_FEATURE_TEST: "1" -> VORTEX_DEPLOY_SKIP_BRANCHES: "feature/test"
    See #2088 for more details.
    Add VORTEX_DEPLOY_ALLOW_SKIP: "1" to allow the skipping mechanism to work.
  • Variables names used for notifications were updated.
    See https://www.vortextemplate.com/docs/workflows/notifications for more details.

Changelog

🌀 Template

  • New
    • [#2125] Added support for Composer 2.9.0 automated security audit. @AlexSkrypnyk (#2126) ⭐⭐⭐
      There is now a check in CI that runs composer audit and fails the build if any security issues are found in non-dev dependencies.
    • [#2164] Added bump-after-update configuration to composer.json and updated docs. @AlexSkrypnyk (#2165) ⭐⭐⭐
      Consumer sites should always bump their dependencies after running composer update . This change adds a configuration option to composer.json to automate this process.
    • [#2096] Added support for cweagans/composer-patches v2. @AlexSkrypnyk (#2099) ⭐⭐⭐
      Using v2 hardens patching process to use previously applied patches as a base for new patches. This mitigates supply chain attacks when patches are referenced from merge requests on Drupal.org, where an attacker could push a malicious piece of code to not-yet-merged merge request.
    • [#1895] Added fresh DB download support for Acquia. @AlexSkrypnyk (#2120)
      ahoy download-db --fresh will now trigger a new DB backup, will wait for it to complete, and then download it. Similar feature was shipped for Lagoon in the last release. ⭐⭐
    • [#1923] Added Slack notifications + docs. @AlexSkrypnyk (#2090) ⭐⭐
    • [#2151] Enforced "No Spaces Around Union Types" using Slevomat standard. @AlexSkrypnyk (#2155) ⭐
    • Added Rector trait new line rules. @AlexSkrypnyk (#2138) ⭐
  • 🛠 Changed
    • [#2106] Updated require-dev in composer.json to use only necessary packages and updated PHPCS to v4 and Coder to v9. @AlexSkrypnyk (#2127) ⭐⭐
    • Refactored all notification scripts to use unified variables and messages with token support. @AlexSkrypnyk (#2100) ⭐
    • [#2104] Added SemVer+CalVer versioning support for Vortex development. @AlexSkrypnyk (#2150) ⭐
    • [#1428] Updated deployment bypass mechanism to use list-based variables. @AlexSkrypnyk (#2088) ⭐
    • Fixed GHA status check for vortex-test-docs workflow. @AlexSkrypnyk (#2157)
  • 🐞 Fixed
  • ⬆️ Updated

🎛 Installer

  • New
    • [#1950] Added "build now" to installer. @AlexSkrypnyk (#2134, #2168) ⭐⭐⭐
      After finishing the installer prompts, the user can now choose to trigger a build immediately.
    • [#2044] Allow to select versioning schema in installer. @AlexSkrypnyk (#2113) ⭐⭐
      User can now choose between SemVer and CalVer versioning schemas for the project.
    • [#2014] Allow to select modules in the installer. @AlexSkrypnyk (#2108) ⭐ ⭐
      User can now select which modules (from existing ones in composer.json) should be included in the project. This allows to easily opt-out of modules.
    • Added installer artifact to dev docs Netlify deployment. @AlexSkrypnyk (#2146) ⭐
      This allows testing development versions of the installer from within each PR.
    • [#2086] Added support for --interactive flag when running ahoy update-vortex. @AlexSkrypnyk (#2087)
  • 🛠 Changed
    • Updated installer to be compatible with PHP 8.2 @AlexSkrypnyk (#2158) ⭐
      Some users are still on PHP 8.2 and this change ensures compatibility when they are trying to install or upgrade.
    • Updated installer version discovery and format. @AlexSkrypnyk (#2161) ⭐
      Allows to specify the Vortex reference (branch, tag, commit) when installing more easily. This helps when updating projects: ahoy update-vortex https://github.com/drevops/vortex.git#25.11.0
    • [#2109] Enabled AI instructions by default in installer. @AlexSkrypnyk (#2110) ⭐
    • Updated Installer tests to use envTrait for tests to ensure automated env vars cleanup. @AlexSkrypnyk (#2144)
    • Renamed unit and functional tests for PromptManager discovery and process tests. @AlexSkrypnyk (#2136)
    • Updated PHPUnit helpers to 0.15 @AlexSkrypnyk (#2132)
    • Made installer fixture updated run in separate processes. @AlexSkrypnyk (#2121)
    • Unified writing to .env file in ins...
Read more

Contributors

AlexSkrypnyk and renovate
Loading

25.10.0

02 Nov 03:36
@AlexSkrypnyk AlexSkrypnyk
25.10.0
6a91341

Choose a tag to compare

View all tags
25.10.0

What's new since 25.8.1

This release focuses on improving consistency, automation, and configurability across Vortex. It introduces stricter code standards, enhances CI/CD reliability, adds new local dev and installer capabilities, and refines Acquia hosting behavior to be more predictable and flexible.

Notable changes

  1. Added PHPCS standard enforcing snake_case for local variables and method arguments for consistent coding style (#2074).

  2. Upgraded Rector config to v2 with rule sets for better maintainability and performance (#2047, #2068).

  3. Improved Acquia hosting by allowing DRUPAL_CONFIG_PATH override and fixing config directory/redirect issues (#2012).

  4. Enhanced GitHub Actions CI with fixed tag deployments, preserved file permissions, and faster artifact packaging (#2010, #2039).

  5. Installer and functional tests modernized — added hosting project name, core theme selection, PHP 8.3 support, and migrated tests to PHPUnit (#2045, #2075).

💥 Breaking changes

None

💧 Drupal

New features

None

Fixes

Updates

  • Simplified Redis extension loaded condition. @AlexSkrypnyk (#2049)
    Redis now enables only when the Redis extension is loaded or when an environment variable is explicitly set to '1', preventing unintended activation from ambiguous values and making configuration more predictable

☁️ Hosting

New features

  • Allow to override config directory with DRUPAL_CONFIG_PATH in Acquia. @AlexSkrypnyk (#2012)

Fixes

Updates

None

🏗 Continuous Integration

New features

None

Fixes

Updates

💻 Local Development and containers

New features

Fixes

Updates

🛠️ Tools

New features

  • Added PHPCS standard to enforce snake case for local variables and method arguments. @AlexSkrypnyk (#2074)
    Coder does not enforce snake case format for local variables and function/method arguments. https://github.com/drevops/phpcs-standard adds this enforcement for consistency in the custom code.

  • [#1995] Upgraded to Rector config to V2 and switched to rule sets. @AlexSkrypnyk (#2047, #2068)
    Allows to automatically cover future rules added to the sets without the need to manually update the config each time.
    Also improved performance of Rector runs by removing cache claring between runs.

  • Added prettier-plugin-jsdoc to the root FE deps and updated other deps. @AlexSkrypnyk (#2067)
    Prettier now can format JS docs.

  • Added contrib patching section to AI instructions. @AlexSkrypnyk (#2038)
    Allows to tell your AI agent to re-roll contrib patches when updating contrib modules.

  • Updated drevops/behat-steps to 3.3. @AlexSkrypnyk (#2078)
    Enforces checks for JavaScript errors on the page during Behat tests.

Fixes

Updates

None

⚙️ Workflow

New features

Fixes

None

Updates

🌀 Vortex

  • 📖 Documentation:

    • Updated project docs. @AlexSkrypnyk (#1998)
      • FAQs: Added external Xdebug documentation link and cross-reference.
      • FAQs: Updated Behat example to enable Xdebug by default.
      • FAQs: Clarified branch switching does not require a full rebuild; use ahoy provision to update the environment.
      • FAQs: Revised patches example keys (Remote patch description) and added a Local patch description entry.
      • Minor formatting and wording touch-ups without changing semantics.
      • CI guide: Wrapped a long reference link into two lines in CircleCI and GitHub Actions sections (no content changes).
    • [#1999] Removed onboarding.md from the project assets. @AlexSkrypnyk (#2000)

  • 🎛️ Installer:

  • 🔧 Vortex maintenance:

    • Enforced snake case for local variables and method arguments in functional tests. @AlexSkrypnyk (#2074)

📋 Release checklist

  • Updated all dependencies outside of the schedule
  • Updated container images to the latest versions and checked that @see links
  • Updated PHP version in composer.json for config.platform.
  • Updated PHP version in phpcs.xml for testVersion.
  • Updated PHP version in phpstan.neon for phpVersion.
  • Updated minor version of all packages in composer.json.
  • Updated minor version of dependencies in theme's package.json.
  • Incremented the cache version in .circleci/config.yml and .github/workflows/build-test-deploy.yml.
  • Updated documentation.

Full Changelog: 25.8.1...25.11.0

Note: there was no 25.9.0 release

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

Contributors

AlexSkrypnyk and renovate
Loading